mrexodia 1,445

Did you try copying TitanHide.sys to the system32/drivers folder? You'll also need to specify the full path to the driver and I think the path should not include spaces. I also tested it on XP x86 SP3, works fine here (on my normal win7 there are issues though).

LCF-AT 2,302

Nice idea, but it would be better to create a small example video so nothing is done wrong etc. So I have tested it manually now and got a BSOD, yeahhh! My first one on my new PC! Also, this loader CMD stuff you should prevent, and for this you could also create a little GUI so that you don't need to enter the paths etc. manually, you know, as Ctrl+V does not work in your CMD.

Just create a video too where you show all steps + all features of the loader file = create / setup service + a usage example with the GUI and PID + unloading / delete service again etc.

Would be nice if you could do this so I don't wanna do something wrong again and get another BSOD.

So that's the reason why a simple example video is always a good idea to prevent doing something wrong, as I did now. Yes, just make a small video and then all should be going better, also for noobs like me.

mrexodia 1,445

@deepzero: what happened to the old reply? MSDN doesn't state that UNICODE_STRING buffers are terminated anywhere. I fixed the bugs in various places.

@LCF-AT: The GUI thing will be done once the real testing stage is over. Currently this loader works perfectly fine. You can paste in the console by the way: enable "QuickEdit Mode" (right-click on the title -> Properties -> QuickEdit Mode), select the second option (save for all windows). You can use right-click to paste in the console window.

Attached V0002 (should not give more BSODs, because the UNICODE_STRING problem is solved).
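
The class of bug mentioned in the post above (treating a UNICODE_STRING buffer as if it were terminated), shown as an added example that is not part of the original post and is not TitanHide's code. It assumes a portable stand-in struct (`ustr_t`, a hypothetical name) so it builds outside the kernel; the sample string and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Portable stand-in for the kernel's UNICODE_STRING (hypothetical name ustr_t).
   Length and MaximumLength are byte counts; Buffer need not end in a NUL. */
typedef struct {
    uint16_t  Length;        /* bytes in use, terminator not counted */
    uint16_t  MaximumLength; /* bytes allocated for Buffer */
    uint16_t *Buffer;        /* UTF-16 code units */
} ustr_t;

/* Buggy pattern: scan for a NUL as if Buffer were a C string. 'limit' only
   keeps this demo inside its own array; a driver has no such safety net and
   the scan can run into unrelated or unmapped memory. */
size_t naive_chars(const ustr_t *s, size_t limit) {
    size_t n = 0;
    while (n < limit && s->Buffer[n] != 0) n++;
    return n;
}

/* Correct pattern: trust only Length, validate the descriptor, and add the
   terminator ourselves. Returns units copied, or (size_t)-1 on rejection. */
size_t counted_copy(const ustr_t *s, uint16_t *dst, size_t dst_units) {
    size_t units = s->Length / sizeof(uint16_t);
    if (s->Buffer == NULL || s->Length > s->MaximumLength ||
        (s->Length % sizeof(uint16_t)) != 0 || units + 1 > dst_units)
        return (size_t)-1;
    memcpy(dst, s->Buffer, s->Length);
    dst[units] = 0;
    return units;
}

/* Constructed sample: a 13-character name followed directly by other data,
   as happens when the string is a slice of a larger buffer. */
static uint16_t backing[20];
ustr_t make_sample(void) {
    const char *raw = "TitanHide.sysJUNK";
    for (size_t i = 0; raw[i]; i++) backing[i] = (uint16_t)raw[i];
    ustr_t s = {26, 26, backing};   /* 13 units * 2 bytes */
    return s;
}

int main(void) {
    ustr_t s = make_sample(); uint16_t out[32];
    printf("naive scan: %zu units\n", naive_chars(&s, 20));
    printf("counted copy: %zu units\n", counted_copy(&s, out, 32));
    return 0;
}
```

In a real driver the same rule applies to comparisons and logging: use the counted routines and format specifiers that take the UNICODE_STRING itself rather than passing `Buffer` to anything that expects a terminated string.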

LCF-AT 2,302

OK, thanks Deep, so I will test it now. No idea what the BSOD told me, as it was just visible for one second and then the PC restarted. So what patches do I have to remove in the registry? You mean what I posted, or anything else?

OK eXoDia, so I will also test your new file. Feedback comes later after testing, and I hope that you are right and that I get no more BSODs.

kao 1,836

1) Both v1 and v2 drivers BSOD a few seconds after load on my i5-2500K (32-bit WinXP SP3). They do not crash in VMWare (single-core CPU, XP SP2). My best guess: multi-core CPUs are not supported properly. Minidumps attached. If you wish, I could make a full dump, even though I really don't appreciate seeing a blue screen on my main machine.

LCF-AT 2,302

About your KmdManager, Kao. So you mean I can use this GUI to reg / run / stop / unreg any .sys files only, yes? Is there also any longer description of how to use all features of this tool, or a YouTube video etc.? Thanks again so far.

@ Deep

So I see I forgot to enter the start line. Sorry, but this manual CMD entering has really not been my thing for a long time, so I prefer simple GUIs instead. OK, let's wait and see what eXoDia will also do to fix this BSOD problem.

greetz

mrexodia 1,445

After some talking with deepzero, I realized that the hooking model is completely unreliable. It is therefore not recommended to use this driver outside of a VM, because you eventually WILL get a BSOD.

It has to do with exclusive memory access that needs to be obtained in order to place the hook (7 bytes on x86 and 12 on x64). I'm working on a way to do SSDT hooking on x64 and I will try to release a new hooking model quite soon.